I see that these commands are executed every minute:
splunk-powershell.exe
splunk-winprintmon.exe
splunk-regmon.exe
splunk-netmon.exe
splunk-admon.exe
splunk-MonitorNoHandle.exe
The first one actually twice per minute.
Is there a way to disable these? are these some scripted inputs? I cannot locate them in the config.
I tried adding this for example to my config, but did not seem to change the anything:
[WinNetMon]
disabled = 1
[WinPrintMon]
disabled = 1
[WinRegMon]
disabled = 1
↧